4 matches found
Command injection
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
Cart32 3.0 - 'expdate' Administrative Information Disclosure
source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http: //target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging page containing the server variables, the Cart32...
Cart32 3.0 - expdate Administrative Information Disclosure
Cart32 3.0 - expdate Administrative Information Disclosure source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http: //target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging...